From e0438b2f78ffbc22a9d4d391db524563ec9baa18 Mon Sep 17 00:00:00 2001
From: MarkKoz <KozlovMark@gmail.com>
Date: Thu, 20 Aug 2020 11:16:18 -0700
Subject: Watchchannels: censor message content if it has a leaked token

Fixes #1094
---
 bot/cogs/watchchannels/watchchannel.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/bot/cogs/watchchannels/watchchannel.py b/bot/cogs/watchchannels/watchchannel.py
index 044077350..a58b604c0 100644
--- a/bot/cogs/watchchannels/watchchannel.py
+++ b/bot/cogs/watchchannels/watchchannel.py
@@ -15,6 +15,8 @@ from discord.ext.commands import Cog, Context
 from bot.api import ResponseCodeError
 from bot.bot import Bot
 from bot.cogs.moderation import ModLog
+from bot.cogs.token_remover import TokenRemover
+from bot.cogs.webhook_remover import WEBHOOK_URL_RE
 from bot.constants import BigBrother as BigBrotherConfig, Guild as GuildConfig, Icons
 from bot.pagination import LinePaginator
 from bot.utils import CogABCMeta, messages
@@ -226,14 +228,16 @@ class WatchChannel(metaclass=CogABCMeta):
 
             await self.send_header(msg)
 
-        cleaned_content = msg.clean_content
-
-        if cleaned_content:
+        if TokenRemover.find_token_in_message(msg) or WEBHOOK_URL_RE.search(msg.content):
+            cleaned_content = "Content is censored because it contains a bot or webhook token."
+        elif cleaned_content := msg.clean_content:
             # Put all non-media URLs in a code block to prevent embeds
             media_urls = {embed.url for embed in msg.embeds if embed.type in ("image", "video")}
             for url in URL_RE.findall(cleaned_content):
                 if url not in media_urls:
                     cleaned_content = cleaned_content.replace(url, f"`{url}`")
+
+        if cleaned_content:
             await self.webhook_send(
                 cleaned_content,
                 username=msg.author.display_name,
-- 
cgit v1.2.3


From c0afea19897ec0b47642bb62e4a426f4ca0c3cc8 Mon Sep 17 00:00:00 2001
From: MarkKoz <KozlovMark@gmail.com>
Date: Thu, 20 Aug 2020 11:18:02 -0700
Subject: Don't send code block help if message has a webhook token

---
 bot/cogs/bot.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bot/cogs/bot.py b/bot/cogs/bot.py
index 79510739c..93f2eae7c 100644
--- a/bot/cogs/bot.py
+++ b/bot/cogs/bot.py
@@ -9,6 +9,7 @@ from discord.ext.commands import Cog, Context, command, group
 
 from bot.bot import Bot
 from bot.cogs.token_remover import TokenRemover
+from bot.cogs.webhook_remover import WEBHOOK_URL_RE
 from bot.constants import Categories, Channels, DEBUG_MODE, Guild, MODERATION_ROLES, Roles, URLs
 from bot.decorators import with_role
 from bot.utils.messages import wait_for_deletion
@@ -240,6 +241,7 @@ class BotCog(Cog, name="Bot"):
             and not msg.author.bot
             and len(msg.content.splitlines()) > 3
             and not TokenRemover.find_token_in_message(msg)
+            and not WEBHOOK_URL_RE.search(msg.content)
         )
 
         if parse_codeblock:  # no token in the msg
-- 
cgit v1.2.3